Expert(s):
Research Engineer feature_status*/ ?>
DomainTools

Comments Dotted : 18
December 01, 2020

Experts On Delaware County Pays $500,000 Ransom To DoppelPaymer Gang
Anyone else involved in the process of government need to be especially vigilant to phishing emails.
Ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay. When sitting on a treasure trove of sensitive personal information, attackers know that the looming threat of exposing it on hacking forums gives them more leverage to instigate a payment. This all comes of course with an increasing number of businesses paying, further incentivizing attackers to use this extra leverage. Governmental bodies and.....Read More
Ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay. When sitting on a treasure trove of sensitive personal information, attackers know that the looming threat of exposing it on hacking forums gives them more leverage to instigate a payment. This all comes of course with an increasing number of businesses paying, further incentivizing attackers to use this extra leverage. Governmental bodies and public entities are particularly attractive targets for both cybercriminal gangs and nation-state actors, due to the financially lucrative or politically sensitive information they hold. Government ministers, civil servants, and anyone else involved in the process of government need to be especially vigilant to phishing emails – which remain the most popular entry vector for ransomware - and the security measures in place need to be the most stringent available, including user training on the risks and tell-tale signs of a phishing attack and email filtration systems.  Read Less
November 03, 2020

Comment: Cybereason Researchers Find New North Korean Malware Suite
Cybersecurity awareness training and email filtering systems, but also DNS firewalling are among the essentials.
Cybereason's findings are concerning but not surprising: wherever there is valuable information, there will also be an attempt on the part of threat actors to get their hands on it for financial gain, or to leverage for further campaigns of cybercrime. However, it is worth remembering that despite how effective this spyware might be at covering its tracks, it relies on the same entry vectors as most of cyber threats currently populating the landscape. Emails remain cybercriminals avenue of.....Read More
Cybereason's findings are concerning but not surprising: wherever there is valuable information, there will also be an attempt on the part of threat actors to get their hands on it for financial gain, or to leverage for further campaigns of cybercrime. However, it is worth remembering that despite how effective this spyware might be at covering its tracks, it relies on the same entry vectors as most of cyber threats currently populating the landscape. Emails remain cybercriminals avenue of choice to deliver malicious software, which is why there is really no excuse for organisations not to step up their anti-phishing measures. Education and technology should be working in concert to minimise the chences of human error. Cybersecurity awareness training and email filtering systems, but also DNS firewalling are among the essentials that all security teams should put in place to ensure that they are prepared for this kind of attack.  Read Less
October 30, 2020

Comment: Wisconsin Republican Party Hacked For $2.3 Million
This looks like an incident of BEC fraud which has cost the Wisconsin Republican party millions.
This looks like an incident of BEC fraud which has cost the Wisconsin Republican party millions. BEC fraud is an attack vector on the up. Cybercriminals appear to be discovering the reality that as opposed to engaging with ‘wide-net’ phishing campaigns, they can save time and energy in researching one individual within a business, such as a member of the finance or HR teams, and sending them a targeted email that they would feel remiss not to engage with, such a message from the CEO or a.....Read More
This looks like an incident of BEC fraud which has cost the Wisconsin Republican party millions. BEC fraud is an attack vector on the up. Cybercriminals appear to be discovering the reality that as opposed to engaging with ‘wide-net’ phishing campaigns, they can save time and energy in researching one individual within a business, such as a member of the finance or HR teams, and sending them a targeted email that they would feel remiss not to engage with, such a message from the CEO or a member of the C-suite. Sites such as LinkedIn make this incredibly easy to achieve, allowing a threat actor to research members of staff in an organization with a few clicks, In order to avoid the exponential growth of these scams continuing, businesses need to engage in robust training and awareness campaigns with staff, as well as investing in an email filtering system which is regularly audited and updated.  Read Less
October 29, 2020

Enel Group Hit Again By Ransomware And Netwalker Demands $14 Million
Security training to keep employees from opening a malicious document in a phishing email is a good start.
This attack is yet another confirmation that defenders need to be right all the time, whereas cybercriminals need to be right only once. Enel was able to stop the spreading of the Snake ransomware back in June, which means that their security controls were probably strong and their response plan well-rehearsed. Unfortunately, this wasn't enough to stop the Netwalker ransomware gang, who appears to be intentioned to leak stolen data if the energy provider won't agree to pay the ransom......Read More
This attack is yet another confirmation that defenders need to be right all the time, whereas cybercriminals need to be right only once. Enel was able to stop the spreading of the Snake ransomware back in June, which means that their security controls were probably strong and their response plan well-rehearsed. Unfortunately, this wasn't enough to stop the Netwalker ransomware gang, who appears to be intentioned to leak stolen data if the energy provider won't agree to pay the ransom. Ransomware attacks are almost always the second step of an intrusion so avoiding ransomware in the first place involves general best practices. Security training to keep employees from opening a malicious document in a phishing email is a good start. Additionally, patching for common vulnerabilities and network segmentation will keep ransomware from spreading if it does find its way into your network. The goal here should be not to stop all together since attackers will constantly be trying to find a way through — and almost always will at least once at some point — but to make it expensive for the attacker and reduce damages if there is an incident.  Read Less
October 15, 2020

Expert Advice To Protect Universities In This New Year Against Latest Iranian Hackers
Security worst best when it focuses on prevention, rather than reaction.
This resurgence in phishing emails around the start of term further shows how well cybercriminals study their targets and plan their campaigns according to the world around them, utilising social engineering techniques that increase their chance of success. These universities don't need reminding that cybersecurity awareness programmes need to run regularly to minimise the risk of these attacks being successful. The data hosted on university servers automatically makes them one of the most.....Read More
This resurgence in phishing emails around the start of term further shows how well cybercriminals study their targets and plan their campaigns according to the world around them, utilising social engineering techniques that increase their chance of success. These universities don't need reminding that cybersecurity awareness programmes need to run regularly to minimise the risk of these attacks being successful. The data hosted on university servers automatically makes them one of the most appealing targets for advanced persistent threats, aimed at exfiltrating sensitive information and research data, but also for ransomware attacks and other types of disruptive threats. Email filtering systems in place should be cutting edge, and university security teams should also be equipped with tools that give them the capability to proactively investigate these threats and anticipate attackers' next moves. Security worst best when it focuses on prevention, rather than reaction.  Read Less
October 13, 2020

Tyler Technologies Paid Ransomware Gang For Decryption Key
The increasing complexity of these attacks further reinforces the case for prevention.
Paying the ransom should always be organisations' last resort. It is unfortunate that Tyler Technologies found themselves in that position and isn't necessarily a reflection on the security precautions they had in place prior to falling victim to this attack. Recently, in fact, cybercriminals have learnt to make up to date, secure backups useless by exfiltrating data as part of their ransomware attack. The victim is then threatened with the public release of such data and is forced to pay a.....Read More
Paying the ransom should always be organisations' last resort. It is unfortunate that Tyler Technologies found themselves in that position and isn't necessarily a reflection on the security precautions they had in place prior to falling victim to this attack. Recently, in fact, cybercriminals have learnt to make up to date, secure backups useless by exfiltrating data as part of their ransomware attack. The victim is then threatened with the public release of such data and is forced to pay a ransom hoping that attackers will keep their word. The increasing complexity of these attacks further reinforces the case for prevention. Organisations should have an efficient email filtering system and run regular cyber awareness training programmes that can at least help secure the most popular entry vector, which is employees' inboxes. Furthermore, even in instances of double extortion ransomware, having secure, offline backups always places the victim in a better position and increases the probability that they won't have to pay up.  Read Less
October 07, 2020

Experts Reacted On Corporate Credentials On The Dark Web Up By 429% This Year
Organisations are advised to audit their security posture and ideally change their employees' credentials.
All but encouraging, the figures reported by Arctic Wolf’s Security Operations Annual Report confirm what security teams have observed since the start of the pandemic. Challenges have changed in nature and increased in number as cybercriminals – as per usual – exploited a global crisis to ramp up their efforts. Phishing attempts, especially, are a threat that tends to increase around significant geopolitical events as threat actors try to leverage people’s fears and desire for.....Read More
All but encouraging, the figures reported by Arctic Wolf’s Security Operations Annual Report confirm what security teams have observed since the start of the pandemic. Challenges have changed in nature and increased in number as cybercriminals – as per usual – exploited a global crisis to ramp up their efforts. Phishing attempts, especially, are a threat that tends to increase around significant geopolitical events as threat actors try to leverage people’s fears and desire for information to get them to click on the wrong link. In light of this report, organisations are advised to audit their security posture and ideally change their employees' credentials to avoid account takeover attacks. Furthermore, 2FA or, better, MFA should be enabled wherever possible, especially for admin accounts, whose sessions should also be monitored to spot the signs of a compromise before it’s too late.  Read Less
October 05, 2020

Experts On UK’s HMRC ‘Bombarded’ By 5,000 Malicious Email Attacks Every Day
The UK's HMRC has always been one of cybercriminals' favourite organisations to impersonate.
The UK's HMRC has always been one of cybercriminals' favourite organisations to impersonate. After all, what better way to create a sense of urgency or a desire to engage with the email in a potential victim than to pretend to be a tax collection agency, either threatening action or offering a rebate? The other reason why HMRC is so convenient for threat actors to impersonate is the wealth of information that people necessarily and readily share with this entity. It is then unsurprising that.....Read More
The UK's HMRC has always been one of cybercriminals' favourite organisations to impersonate. After all, what better way to create a sense of urgency or a desire to engage with the email in a potential victim than to pretend to be a tax collection agency, either threatening action or offering a rebate? The other reason why HMRC is so convenient for threat actors to impersonate is the wealth of information that people necessarily and readily share with this entity. It is then unsurprising that they would try to cut the middle man and attempt to breach HMRC itself, whose systems are a treasure trove of personal identifiable information. As always, cybersecurity training remains the best way to reduce the risk posed by these malicious emails. Clearly, HMRC's security team must have been doing a good job in the past three months if all of these emails were blocked and identified as malicious.  Read Less
September 14, 2020

Experts Insight On US Court of Louisiana Hit by “Conti” Ransomware
Organisations should look into mandating that IT teams follow industry-standard best practices.
This ransomware attack confirms a trend we have seen emerge recently, which is ransomware doubling up as a data breach. Rather than simply encrypting files, attackers have realised that they can increase their profits and the havoc caused by exfiltrating data first. High profile targets such as courts and government are a ripe target for this type of attack, as the information their databases host is particularly sensitive and therefore valuable to be sold on the dark web. Assuming the US Court .....Read More
This ransomware attack confirms a trend we have seen emerge recently, which is ransomware doubling up as a data breach. Rather than simply encrypting files, attackers have realised that they can increase their profits and the havoc caused by exfiltrating data first. High profile targets such as courts and government are a ripe target for this type of attack, as the information their databases host is particularly sensitive and therefore valuable to be sold on the dark web. Assuming the US Court will decide not to pay the ransom to disincentivize future attacks, their security posture will need to be rebuilt from the ground up. With how interconnected everything is and thanks to cloud services, you would be surprised by how much can be recovered from other sources. Organisations should look into mandating that IT teams follow industry-standard best practices and maintain backups. Off-site backups are key here. Whether it is to an S3 bucket on AWS that does versioning, a file server in a colocation center, or recorded to tapes and stored in a closet in another building, any organisation should have to have versioned, off-site backups. These should go in one direction only or be designed with the least privilege in mind.  Read Less
September 10, 2020

Experts Comment On Survey That 94% Of IT Professionals Have Experienced A Data Breach And Worry About Insider Threats More Than External Attacks
Breaches happen and defensive work is by its very nature a largely reactive job.
The reason for constant defender negativity lies in the maxim that every blue teamer is aware of: we have to be right every time while the attackers only need to be right once. Breaches happen and defensive work is by its very nature a largely reactive job. That cynicism is what happens after years of responding to something as unavoidable as gravity. Defenders worry most about insider threats because so many companies build this hard outer layer then have complete trust for employees inside......Read More
The reason for constant defender negativity lies in the maxim that every blue teamer is aware of: we have to be right every time while the attackers only need to be right once. Breaches happen and defensive work is by its very nature a largely reactive job. That cynicism is what happens after years of responding to something as unavoidable as gravity. Defenders worry most about insider threats because so many companies build this hard outer layer then have complete trust for employees inside. They have access to all of the data, networks, and information that attackers want to get a hold of and so continue to be a target. As we've seen with the recent foiled Tesla ransomware attempt, threat actors are now bribing with upwards of a million dollars to sway an employee. That's a hard threat to combat as you can do everything in your power to defend your network, but it just takes one employee to circumvent all of those defenses. Even with a zero trust model insider threats remain the most dangerous ones for security teams.  Read Less